How you can have your cookie and eat it, too

Last time around we were beginning a discussion about online privacy and protection and how browser cookies contributed to that conversation. If you remember, or are just joining the conversation, I discussed how cookies are essentially small text files that are passed from a website to a user’s computer and are basically used as a means of identifying the user’s computer, or more specifically the user’s browser to that website.

Cookies are advantageous to webmasters and marketers in that they can be used to show patterns in the user’s online behavior. Naturally, they would like to see the user get the most benefit out of the website, be it spending more time or money, or sharing it with family, friends, and colleagues. The data provided by the use of cookies helps the webmaster better understand what his or her visitors are interested in; which content they like more, which content they like less.

Cookies are also great for the consumer or end-user. They can store login information, making it quicker and easier to access controlled content. They expedite the checkout process by remembering our addresses and shipping preferences. They can even help us with purchasing decisions by providing retailers with information about previous purchases, allowing the retailer to suggest other items we might be interested in.

When you consider how cookies make our online experience so much better, it would be easy to say that cookies are heaven-sent and do nothing but spread goodness and joy throughout the Internet. The reality is there is a wacko out there who is, at this very moment, trying to figure out a way to access the cookies that are being stored on your web browser. And here are few of the more common ways he is attempting to do that.

One thing to remember is that the cookie on your computer doesn’t identify you; it identifies the web browser on the computer. One of the easiest ways for someone to get into your personal information is to simply use the computer you use. If your login credentials for your credit card are stored in a cookie on the browser, the bad guy really doesn’t even need to work for it — you might as well have just handed over your account information to him.

When the user’s computer isn’t readily available, the ambitious Villian McNasty will surely set his sights on the user’s network next. Typically referred to as Network Eavesdropping or SideJacking, this is when an attacker will join into your network and start collecting data as it is being transferred across the network. This would typically take place in an office setting or on a public Wifi network like you might find at a coffee shop, restaurant, hospital or airport. This type of attack is very passive — the attacker is simply watching the data flow by and waiting for the stuff he wants to grab — and login cookies are a prime catch.

There are two ways to defeat this guy: at home, make sure your wireless network is password-protected and make sure you know who is accessing it. There is network security monitoring software out there that will alert you when an intruder is on your network; on the road: avoid the urge to reconcile your bank account on your next layover in Fayetteville. Go to YouTube, search for “rednecks, fireworks, and bad choices” and that week you spent in Cleveland last night will soon fade into comedic oblivion.

But just like all things concerned with sharing your personal information with anyone, a little common sense will go a long way in keeping you safe. The likelihood of your identity being stolen by shopping online with a major brand name retailer is pretty slim. But the likelihood of it happening rises exponentially when you give “Magic Bob’s Free Airline Ticket Generator” your Social Security number.

That being said, one of the best ways to make sure your hand is the only one in the proverbial “cookie” jar is to simply limit your online exposure. Perform your financial transactions from your home computer, limit your use of social networking sites and financial transactions to only those computers that are predominantly in your custody, i.e., your home computer: great, your laptop in your locked office.

Despite the perceived downfalls of cookies, they really do provide a great service to both sides of Internet interaction by providing users with the speed and convenience of automated transactions, targeted advertising, and simplified logins, while webmasters and marketers get access to data that can enhance the online experience.

Wailes is an interactive developer at Burns Marketing Communications in Johnstown. If you have questions or would like to suggest a topic for a future Geek Chic column, email him at news@ncbr.com.